Linked by Thom Holwerda on Thu 19th Mar 2009 06:44 UTC, submitted by Moulinneuf
Privacy, Security, Encryption As he had already predicted, cracker Charlie Miller has won the PWN2OWN contest by cracking Safari and Mac OS X within seconds of the start of the competition. "It took a couple of seconds. They clicked on the link and I took control of the machine," Miller said after his accomplishment. He took home the USD 10000 prize, as well as the MacBook he performed the exploit on. Internet Explorer 8 fell a while later by cracker Nils, who also cracked Safari and Firefox after being done with IE8.
Thread beginning with comment 353838
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Sad to say
by Thom_Holwerda on Thu 19th Mar 2009 07:42 UTC in reply to "RE: Sad to say"
Thom_Holwerda
Member since:
2005-06-29

Weakest link in the chain, Kroc.

Reply Parent Score: 8

RE[3]: Sad to say
by Kroc on Thu 19th Mar 2009 08:08 in reply to "RE[2]: Sad to say"
Kroc Member since:
2005-11-10

A self-propagating Mac virus is not going to be very successful unless it can spread via other means than just the browser. It may enter via the browser, but going machine to machine is going to need to be more clever than that.

The patch for this flaw will be released, and this whole thing would have been nothing but one big ego-trip for the hacker, with no profound meaning.

Are we to expect to shower the grey-hats and white-hats with attention and prizes for every browser bug they find? No, finding and reporting browser bugs should be humble work, and many hackers are humble enough to do it this way, letting the vendor know early and giving them time to resolve the issue.

This competition is just to sensationalise and rile up the haters and the ignorant over a matter that should be handled much better.

-- PS. Both Webkit and Gecko are open source engines, if the guy weren't a pr!ck, then he would have filed the bugs and provided patches. This competition just waves money in front of hackers faces and says "Hey, don't contribute to the safety of everybody online, when you can have all this money, and your name splashed across the news for days!".

This is disrespectful to the end user, the person who we tend to forget, is the most important person in front of the computer.

Edited 2009-03-19 08:14 UTC

Reply Parent Score: 4

RE[4]: Sad to say
by oxygene on Thu 19th Mar 2009 09:30 in reply to "RE[3]: Sad to say"
oxygene Member since:
2005-07-07

This is disrespectful to the end user, the person who we tend to forget, is the most important person in front of the computer.

Huh? "the most important person in front of the computer"?
Probably for companies that have to care about their market share. But for some random Joe Hacker?

Reply Parent Score: 1

RE[4]: Sad to say
by Soulbender on Thu 19th Mar 2009 11:50 in reply to "RE[3]: Sad to say"
Soulbender Member since:
2005-08-18

This competition is just to sensationalise


On that we can agree. It even has an incredible lame name to prove it.

Reply Parent Score: 3